[Thali-talk] QR codes

Michael Rogers michael at briarproject.org
Fri Mar 27 13:53:28 EDT 2015 

Thanks for the explanation! What I had in mind for the QR code workflow
was slightly simpler, but maybe the fiddliness of scanning the codes
would still kill it:

1. Users 1 and 2 put their phones into exchange identity mode
   - QR code on the top half of the screen, viewfinder on the bottom
2. Users 1 and 2 scan each other's codes, in whichever order they like
   - When a phone has scanned a code, the viewfinder becomes a tick

When both phones have scanned a code, the rest of the exchange happens
automatically.

The problem we've had with the discovery approach is that Bluetooth
discovery is unreliable on some phones, and it interferes with making a
connection, so the phones may not be able to connect until they've both
stopped discovery (which you can control on the local device, but not
the remote one). But maybe those problems are easier to work around than
the physical awkwardness of scanning QR codes. I guess the only way to
know is to build some prototypes...

Cheers,
Michael

On 27/03/15 17:42, Yaron Goland wrote:
> With QRCodes the exchange is:
> 
> 1. User 1 puts their phone into 'show qrcode mode' while user 2 puts their phone into 'read qrcode mode'
> 2. User 2 then points the back of their phone at User 1's screen and reads in the QRCode. This process was consistently a bit wonky, even with native readers. You really do have to get the phone pointed correctly and wiggle things around a bit.
> 3. User 2 then accepts the offered information into their system.
> 
> Now repeat the above but flip User 1 and User 2.
> 
> So a total of 6 steps. And don't ask me how we explain this all to the users. 6 steps is way beyond most humans.
> 
> With the Bluetooth/BLE exchange the process is:
> 
> 1. Users 1 and 2 put their phones into 'exchange identity mode' 
> 2. Users 1 and 2 select each other's names
> 3. Users 1 and 2 compare the numbers on each other's screens
> 4. Users 1 and 2 both hit 'accept'
> 
> So it's 4 steps versus 6. Both users are doing the same thing at the same time which is also easier to explain.
> 
> But to be fair we have not done any usability testing. What really drove the change was that we knew the QRCode experience was pretty awful. Just too many steps and too much fiddling with phones to make things work. So that pushed us to try and find something else.
> 
> Unfortunately I doubt we are anywhere near the end of the journey in figuring out how to securely exchange identities. :(
> 
>     Yaron
> 
> -----Original Message-----
> From: Thali-talk [mailto:thali-talk-bounces at thaliproject.org] On Behalf Of Michael Rogers
> Sent: Friday, March 27, 2015 6:02 AM
> To: thali-talk at thaliproject.org
> Subject: [Thali-talk] QR codes
> 
> Hi,
> 
> This blog post argues that discovering nearby devices and picking a device from a list is more convenient than scanning a QR code from the device you want to connect to:
> 
> http://www.goland.org/coinflippingforthali/
> 
> I'm surprised by this, because we've tried the discovery approach in Briar and found it pretty inconvenient. We're planning to switch to the QR code approach - but perhaps that would be even worse! Would you mind saying a bit more about your QR code experiments and where the pain points were?
> 
> Thanks,
> Michael
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://pairlist10.pair.net/pipermail/thali-talk/attachments/20150327/938305a2/attachment.pgp>

More information about the Thali-talk mailing list